Xen Project Developer Summit 2013 Videos and Presentations

Talks

Xen 4.3 was the first release with our new "release coordinator" role during the whole development cycle. This talk will review some ways in which the process worked well for 4.3, and some ways it could have been better, and then go on to talk about the 4.4 release.

It would be great if we could use an unmodified guest as dom0 or as a driver domain, and we have found a way to achieve that. Since Xen's inception, the first guest on Xen has always been a para-virtualized domain, which can be a modified Linux, NetBSD, Solaris, etc. In this way dom0 achieves near-native performance, so it is commonly used in the server market. However, modifying guest kernels also implies limitations; for example, Windows cannot be used as dom0 or as a driver domain. With the rapid evolution of hardware-assisted virtualization (e.g. VMX and VT-d), HVM domains can now achieve performance comparable to para-virtualization, so it is high time for Xen to support such an unmodified guest as dom0. In this presentation we discuss the architectural changes this requires and its benefits compared with a traditional PV or HVM dom0, and we introduce the work we have done so far.

Event channels are Xen's mechanism for paravirtualized interrupts. They were limited to only 4096, which in turn limits the number of guests a host can support to around 300 to 500. This presentation will give a brief introduction to event channels and a detailed look at the new FIFO-based event channel ABI, which raises the limit to over 100,000 and adds several other useful features (e.g., multiple priorities). Some of the key performance measurements of the new ABI will be shown.

On Paravirtualizing TCP: Congestion Control on Xen VMs
Luwei Cheng, Student, University of Hong Kong

While datacenters are increasingly adopting VMs to provide elastic cloud services, they still rely on traditional TCP for congestion control. In this talk, I will first show that VM scheduling delays can heavily contaminate the RTTs sensed by VM senders, preventing TCP from correctly learning the physical network condition. Focusing on the incast problem, which is commonly seen in large-scale distributed data processing such as MapReduce and web search, I find that the solutions developed for *physical* clusters fall short in a Xen *virtual* cluster. Second, I will provide a concrete understanding of the problem, and reveal that the situation when the sending VM is preempted differs from the situation when the receiving VM is preempted. Third, I will introduce my recent attempts at paravirtualizing TCP to overcome the negative effect of VM scheduling delays.

In this presentation, Alex Brett will show how Citrix has constructed a Test-as-a-Service environment which is used by the wider XenServer engineering team, highlighting the benefits the approach provides, together with an introduction to the (recently open sourced) XenRT automation framework which powers it, and discuss how this could be applied within the Xen Project community.

osstest is the system which runs the Xen.org automatic tests of Xen. The push gates, which try to prevent important regressions from reaching the main stable and development trees, are managed by osstest. In this talk I will give a brief overview of the system, focussed on how to add new tests.

The current state of the art in displaying guest video is to copy pixel data from domU memory into a buffer in the device model domain, and then to render the display using something like X or VNC. The quantity of data copied is partially mitigated by dirty page tracking. However, when using the VM to play video or for other tasks that require frequent full-screen updates, copying is a significant drag on system performance and power consumption. By using the DRM subsystem in dom0 on systems with a unified memory architecture, it is possible to make arbitrary pages available for direct scanout by the graphics hardware. The in-kernel graphics drivers make this relatively straightforward and maintainable. This presentation explains how the current display path works, and how to use DRM to improve it.

This paper introduces the Virtual Disk Integrity in Real Time (vDIRT) monitor, a mechanism to measure virtual hard disks in real time from the Dom0 trusted computing base. vDIRT is an improvement over traditional methods for auditing file integrity, which rely on a service in a potentially compromised host. It also overcomes the limitations of existing methods for assuring disk integrity, which are coarse grained and do not scale to large disks. vDIRT measures disk reads and writes in real time, allowing fine-grained tracking of sectors within files as well as of the overall disk. The vDIRT implementation and its impact on performance are discussed to show that disk operation monitoring from Dom0 is practical.

PVH is a new guest type that is designed to take the best features of both PV and HVM guests. This talk will be a technical deep-dive: explaining exactly which features of HVM and PV guests are used, and which ones are discarded, and why. The primary goal will be to inform developers about the details of PVH to make it easier for them to interact with the code.

In this talk I plan to describe my first impressions from working on an open source project, how the community is organized and what can be gained by contributing to an open source community. As supporting evidence of the positive outcome of participating in such projects, I will provide an example from my personal experience. It demonstrates how anyone can dive into open source development and work on a project of their choice. I introduce my work on virtual NUMA within the Xen Project and the OPW program. It will demonstrate the challenges that a newcomer faces diving into a mature product and development process, and the necessity of discipline, commitment and self-organization. I will show what I had to learn in order to move forward, what I had to focus on and how to progress. The work done so far would not have been possible without the help of project mentors, source code knowledge, learning how to extract information from patches and asking the right questions. I hope this example will bring more passionate developers into the community of open source software and hacking.

As the number of CPU cores in server-class hardware increases, the demand on a virtualisation platform increases for greater VM density. Most commercial virtualisation platforms now support several hundred VMs per host. This talk will describe the scalability challenges that were overcome in Citrix XenServer 6.2 to enable support for up to 500 fully virtualised or 650 paravirtualised VMs per host. These include limits with event channels, blktap, xenstored and consoled. It will also discuss how dom0 CPU utilisation was reduced in order to make a large number of VMs responsive and thus usable, and will present benchmark measurements quantifying these improvements.

Citrix has recently spent several months making sure all the key parts of XenServer are open source. Part of this effort made the XenServer Windows Paravirtual (PV) drivers available in source form under a BSD 2 clause license on GitHub. Building these drivers outside of the internal Citrix XenServer build environment was quite hard and the resulting binaries would only run correctly in a XenServer host environment. I have recently spent many weeks modifying the drivers so that they should work on any recent upstream Xen host environment thus making it much easier for anyone outside of Citrix to build and deploy the drivers. I would therefore like to give a brief tour of all the drivers, their source, what each of them does, and how they all interact. I will also discuss plans for posting signed versions of these drivers onto Windows Update for general use by the community.

Many significant improvements have been made to Xen and Linux for the ARM architecture since September 2012, when initial support for Xen on ARM was introduced in the kernel. The number of contributors has increased considerably, as has the number of different companies behind them: Xen on ARM has become a true multivendor project. Today Linux 3.11 can run on Xen on ARM as a DomU or Dom0, 32-bit or 64-bit, with one or more CPUs. Xen 4.3, out since July 2013, is the first hypervisor release to support ARMv7 and ARMv8 platforms. This talk will discuss the current status of the project, the principal technical advancements achieved during the last year of development and the problems still left unsolved. It will relate the experience of porting Xen to many new ARM SoCs and working with multiple hardware vendors in the ARM ecosystem, within and outside the Linaro Enterprise Working Group.

We presented the idea of coarse-grain lock-stepping (COLO) virtual machines for non-stop service at last year's Xen Summit. We have made significant progress in the past year and submitted the patch series to the community. It is a good time for us to present the latest status to the community and call for participation.

Samsung will present the challenges of creating a dual-Android platform on the Nexus 10 using Xen on ARM. Running two copies of Android is a strong use case for satisfying the security needs of BYOD (Bring Your Own Device), where one Android can be designated as "work" and is secure and isolated from the user's "home" Android. Achieving a good user experience in both Androids is essential for this technology to succeed commercially. The Nexus 10 has ARM Cortex A15 processors. For a good user experience, both Androids need high-performance GPU-accelerated graphics, which demand high throughput and low latency. Samsung will discuss the issues encountered using Xen on a mobile device in this demanding use case, and how the changes to Xen for mobile can be contributed to the community.

This talk covers Xen's role, the details of its implementation and the problems encountered in a sample solution based on OSS (Android, Linux and Xen) that addresses automotive requirements such as ultra-fast RVC boot time, quick IVI system boot time, cloud connectivity and multimedia capabilities, and reliability and security through hardware virtualization. Secure CAN/LIN/MOST bus integration is handled by Linux in Dom0 while Android runs a customizable QML-based HMI in a DomU sandbox. The case studies will include, but not be limited to: computing power requirements, memory requirements, virtualization, stability, boot-time sequence and optimization, and video clips showing the results of the work done. The case study is built on a Texas Instruments OMAP5 SoC.

The creation of the Linux Foundation Labs Xen Project has been a big step forward for the Xen hypervisor community. But the Xen hypervisor isn't the only project that's been accepted into the Linux Foundation: the Xapi Project is the umbrella project for the open development of the Xapi Toolstack, the set of software that powers XenServer and XCP. In this talk a status update for the project will be given, discussing the relationship between the Xapi project and the newly forming XenServer development community and the convergence of XCP and XenServer. The use of libraries and technology co-developed with the Mirage project will be highlighted. Mirage is a unikernel that allows us to build applications which can be compiled for very diverse environments: the same code can be linked to run as a regular Unix app, relinked to run as a FreeBSD kernel module, and also linked into a self-contained kernel which can run on the Xen hypervisor. Since the talk last year, we have developed around 40 new libraries that implement significant stub domain functionality: vchan, blkfront/netfront that compile on UNIX *and* Xen with similar interfaces, a message switch that coordinates fault-tolerant communication, and an interactive fbdev. In a nutshell, it makes moving to stub domains practical where previously it was only for single-VM appliances. As part of this effort, we have also identified several possible improvements in hypervisor interfaces. We would also like to announce the first 1.0 public release here!

Mobile devices, such as smart phones and tablets, are becoming de facto everyday computing and communication devices, and virtualization can bring additional benefits to mobile devices for both security and manageability. An IT department may use a hypervisor, as a highly secure solution, to manage authorized mobile devices, for example for network traffic monitoring, filtering, scanning (for virus detection), and/or OS updating and patching even when the guest OS has become completely dead. We insert Xen under the mobile OS Android to deprivilege Android as a guest for security and manageability purposes. However, the usage of mobile devices is quite different from that of servers; for example, mobile devices run completely different benchmarks (mostly multimedia focused) from servers (mostly responsiveness focused). We analyze the gaps in Xen as a mobile hypervisor and present how we improved its performance.

Xenserver-core: What it is, how it is built and how to get involved
Euan Harris, Citrix

XenServer is open source and freely available, but it is packaged as an appliance image which must be installed on dedicated hardware. xenserver-core repackages the core components of XenServer so they can easily be built and installed on a standard Linux distribution. Its main goals are:

* to make it easy to download, modify and build XenServer components, or just learn how they work;
* to help upstream distributions to include up-to-date XenServer packages;
* to provide an environment for experimentation.

This talk will explain the motivations behind xenserver-core and how it relates to the open-sourcing of XenServer. For developers, it will cover how to get the code, how to build it and how to contribute back to the project. For packagers, it will explain the project's development and release processes and what an upstream maintainer can expect from it.

Due to the rapid shift toward cloud computing, virtual desktop infrastructure (VDI) and thin client computing, many organizations in the government desire a high assurance, multi-level secure server virtualization platform that is low-cost, open and enterprise ready. In this presentation, Jason Sonnek will present SecureServe, a recently launched effort to develop such a platform by building on the open-source Citrix XenServer. The SecureServe project will draw upon research in a number of areas, including dom0 disaggregation, Xen Security Modules mandatory access controls and static/dynamic attestation. In this presentation, Jason will describe the project objectives and requirements, the project's relation to Citrix XenClient XT and XenServer Windsor, current development status and plans for moving forward.

Performance Evaluation of Live Migration based on Xen ARM PVH
Jaeyong Yoo, Samsung

Electricity charges for operating data centers are reaching approximately 27% of total operating cost. For this reason, ARM servers have been getting more attention for future energy-efficient data centers, and the performance of ARM processors keeps increasing (i.e., almost 3GHz). To utilize ARM cores efficiently, ARM PVH has been introduced in Xen 4.3, and based on this we have implemented a live migration feature and evaluated it on top of a dual-core ARM board. More specifically, we chose a multimedia streaming workload, measured the maximum number of concurrent clients, and calculated clients per watt (CPW) as the performance metric. From this, we found that even a dual-core ARM processor (with virtualization) gives a higher CPW (7 CPW) than the x86 case (6 CPW). In addition, we could reduce energy consumption by around 70% (4-to-1 consolidation for low-loaded servers) by using server consolidation.

Today the software stack inside cloud instances closely follows the traditional pattern, a pattern optimised for a completely different setting. The emerging OS-less software technologies promise to radically simplify the software inside virtual servers. Erlang on Xen is one such technology. It is a highly compatible reimplementation of the Erlang VM that runs directly on Xen. The super-elastic services based on Erlang on Xen adhere to 7 'commandments':

1) Do not assume the presence of an OS underneath.
2) Software must be oblivious to the boundaries of physical nodes.
3) All services share the same auto-scalable infrastructure.
4) Run computations near the data they process.
5) Child nodes get configuration from the parent only.
6) Avoid "administration" at all costs.
7) SMP is an abomination of cloud computing.

While virtualization technologies like Xen have been around for a long time, it is only in recent years that they have started to be targeted as viable systems for implementing middlebox processing (e.g., firewalls, NATs). But can they provide this functionality while yielding the high performance expected from hardware-based middlebox offerings? In this talk Joao Martins will introduce ClickOS, a tiny, MiniOS-based virtual machine tailored for network processing. In addition to the VM itself, Joao Martins will describe performance improvements made to the entire Xen I/O pipe. Finally, Joao Martins will discuss an evaluation showing that ClickOS can be instantiated in 30 msecs, can process traffic at 10Gb/s for almost all packet sizes, introduces a delay of 40 microseconds and can run middleboxes at rates of 5 Mp/s.

Currently xen-api is really only installed as part of XenServer. It has traditional enterprise-style releases, with controlled upgrades and hotfixes when required. When deploying OpenStack, Rackspace, with the help of the OpenStack community, has adopted an approach where any check-in can be deployed, and the system upgraded, from any other check-in from the last release or earlier in the current release. It would be interesting to see if xen-api could move towards such a model, or at a minimum have more regular checkpoints at which an upgrade would be possible. When running a cloud, a very small amount of control plane downtime is acceptable, but ideally there should be zero downtime for users' virtual machines. We should explore the ability to upgrade Xen only as a last resort, while still being able to update as much of the control and data plane as possible and keeping VMs alive.

Terms related to security like 'disaggregation' and 'stubdom' have found their way into the standard Xen vernacular. Implementations of these architectures still require heavy lifting, but examples have made their way into both open source and commercial products. In this talk Philip presents a lesser known but complementary method to confine QEMU processes using SELinux type enforcement. This architecture alone is interesting, but Philip believes its utility extends beyond QEMU and SELinux. Future problems like inter-VM communication mechanisms hold unique challenges with regard to access control and policy semantics. Philip will argue that an approach influenced by sVirt and user-space object managers will be useful here. As always, attendees should expect tangents into abstract topics like the nature of trust and the utopian world that strong security mechanisms will bring about.

Currently Xen only allows a single device emulator to be attached to each HVM guest in a system and, to date, this has been QEMU generally running as a process in the same domain as the toolstack, or in a stub domain. To enable the deployment of virtual GPUs to HVM guests in XenServer, patches were created to allow multiple device emulators to be attached to each HVM guest. QEMU continues to be used to emulate the majority of the devices, but a second process is spawned to handle the virtual GPU. This opens up the possibility of the GPU vendors supplying 'appliance' driver domains in future. I'd like to give an overview of the changes that we've made to Xen and QEMU to enable the use of multiple emulators, the potential benefits to driver domains, plus the knock on effect of emulator disaggregation on the 'unplug' protocol and what we could do about this.

GPU virtualization has become an increasingly important requirement for client virtualization and cloud. Significant challenges exist in multiplexing graphics, media and compute workloads from multiple VMs while achieving the goals of being fully functional, high performance and secure. In this presentation, we will first review existing graphics virtualization technologies, and then introduce how XenGT, an open source solution from Intel, approaches the problem differently. Broad functionality and good performance are achieved by accelerating the native OS graphics stack in each VM with minimum hypervisor intervention. A software mediator ensures the secure multiplexing of workloads from the multiple VMs by managing the scheduling of VMs on the GPU and controlling access to privileged resources and operations.

Hardware performance monitoring facilities such as counters can provide invaluable information about system behavior. In recent years, Linux 'perf' has become the standard tool for managing these facilities and interpreting the data they generate. In this talk we will discuss changes to Xen and Linux that will allow PV guests (including dom0) to use perf for profiling themselves and, in the case of dom0, the hypervisor.

The development of low latency storage media such as modern Solid State Drives (SSD) brings new challenges to virtualisation platforms. For the first time, we are witnessing storage back ends which are so fast that the CPU time spent in processing data significantly impacts the delivered throughput. This is aggravated by CPU speeds remaining largely constant while storage solutions get faster by orders of magnitude. To meet user demands and fully exploit SSD performance under Xen, new technologies are necessary. This talk will discuss the Xen storage virtualisation data path when using various back ends (e.g. blkback, tapdisk, qemu). It will explain why it is hard to exploit SSD performance with current technologies and present measurement data for a variety of workloads. Finally, it will show how techniques such as persistent grants and indirect I/O can help to mitigate the problem.

Felipe introduced the session, highlighting that the change in storage (i.e., low-latency SSDs and fast SANs) was exposing bottlenecks in the current architecture, which was designed for slow disks. Refer to his presentation from Friday for more details. ...